SwimMeet Pro
SwimMeetPro

Privacy Policy for SwimMeet Pro

Last Updated: January 19, 2026

Bitmule Tech LLC ("we," "us," or "our") operates SwimMeet Pro, a SaaS platform for swim meet management. This Privacy Policy explains how we collect, use, and protect your information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), the Brazilian Lei Geral de Proteção de Dados (LGPD), the Australian Privacy Act 1988, and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Information We Collect

We collect the following types of information when you use our service:

a. Personal Information

  • Account Data: Email address, name, phone number (optional).
  • Meet Management Data: Meet details (events, lanes, scoring rules), team information, coach contact details.
  • Swimmer Data: Names, ages, gender, club affiliations, seed times, race results, and performance data provided by meet directors and coaches.
  • Timing System Data: Race results and timing data transmitted from SST (Superior Swim Timing) systems via our desktop agent.
  • Payment Information: Payments are processed by LemonSqueezy; we do not store credit card or financial details.
  • Communication Data: If you contact support, we may collect your name, email, and message content.

b. Automatically Collected Information

  • Device & Usage Data: IP address, browser type, device information, and interaction logs.
  • Desktop Agent Logs: Technical logs from our desktop agent software for troubleshooting timing system integration. These logs contain file access information, upload timestamps, and error messages but do not contain personal information.
  • Cookies & Tracking Data: We use cookies and similar technologies to enhance user experience (see our Cookie Policy for details).

2. Legal Basis for Processing Data

We process your data under the following legal bases:

  • Contractual Necessity: To provide and operate our service.
  • Legitimate Interest: To improve service performance and security.
  • Legal Obligation: Compliance with tax, accounting, or regulatory requirements.
  • Consent: When required, such as for marketing communications.

3. How We Use Your Information

We use your data to:

  • Provide, operate, and improve our swim meet management service.
  • Process meet entries, generate heat sheets, and publish results.
  • Authenticate and manage user accounts (Clerk).
  • Process payments (LemonSqueezy).
  • Host and operate the service (Vercel, Neon, AWS).
  • Integrate with SST timing systems via our desktop agent.
  • Ensure security and prevent fraud.
  • Comply with legal obligations, including USA Swimming requirements where applicable.
  • Provide customer support and respond to inquiries.
  • Troubleshoot technical issues with timing system integration.

4. Data Controllers and Processors

Important: Meet directors, coaches, and team administrators who use SwimMeet Pro are data controllers responsible for:

  • Obtaining necessary consent from swimmers and parents/guardians before entering their information.
  • Ensuring compliance with applicable privacy laws, including COPPA for swimmers under 13.
  • Managing swimmer data in accordance with their organization's policies.
  • Providing privacy notices to swimmers and parents as required by law.
  • Responding to data subject rights requests (access, deletion, correction) from swimmers and parents.

SwimMeet Pro acts as a data processor, processing swimmer information on behalf of meet directors and teams. We process this data solely to provide our meet management services as instructed by the data controller.

5. Data Retention & Deletion

We retain user data for as long as the account is active or as needed to provide services. Meet data and results may be retained for historical record-keeping purposes unless deletion is specifically requested.

Retention Periods:

  • Active Account Data: Retained while account is active
  • Billing Records: 7 years for tax compliance
  • Meet Data: Retained unless deletion requested, subject to legal requirements
  • Closed Account Data: 30 days after account closure, then permanently deleted

Deletion Requests:

Users can request data deletion by emailing support@swimmeet.pro. We will respond within 30 days.

For meet-specific data deletion requests:

  1. Swimmers/Parents: Contact the meet director or team administrator who entered your information, as they are the data controller.
  2. Meet Directors: Submit deletion requests directly to us, and we will delete the specified data within 30 days, subject to legal retention requirements.

Data deletion is subject to:

  • Legal retention requirements (e.g., tax records, billing data)
  • Legitimate business needs (e.g., dispute resolution, fraud prevention)
  • Technical limitations (e.g., backup retention periods)

6. Data Sharing & Third-Party Processors

We do not sell your personal data. However, we share necessary data with third parties that help operate our service:

Service Providers:

  • Clerk – Authentication and user management
  • Vercel – Application hosting
  • Neon – Database hosting
  • Amazon Web Services (AWS) – Infrastructure and backup storage
  • LemonSqueezy – Payment processing

All third-party processors are contractually obligated to protect your data and use it only for the purposes we specify.

Public Sharing:

We may share meet results publicly as directed by meet directors, including:

  • Publishing results on public-facing results pages
  • Exporting to USA Swimming or other swimming organizations
  • Sharing via QR codes or public links
  • Integration with timing system displays

Meet directors control what data is made public and are responsible for obtaining necessary permissions.

7. International Data Transfers

Since we operate globally, your data may be stored or processed in locations outside your home country, including the United States. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data Processing Agreements (DPAs) with third-party service providers
  • Compliance with applicable data protection laws
  • Appropriate technical and organizational security measures

8. User Rights & Choices

Depending on your location, you have certain rights regarding your data:

a. GDPR & UK GDPR Rights (EU & UK Users)

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to delete your data ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent for processing based on consent
  • Right to lodge a complaint with a data protection authority

b. CCPA Rights (California Residents)

  • Right to know what personal data we collect and how it's used
  • Right to request deletion of your personal data
  • Right to opt out of data sharing for targeted advertising (we do not engage in this practice)
  • Right to non-discrimination for exercising your privacy rights

c. LGPD Rights (Brazilian Users)

  • Right to confirm the existence of data processing
  • Right to data access, correction, anonymization, or deletion
  • Right to object to data processing
  • Right to data portability

d. PIPEDA Rights (Canadian Users)

  • Right to access and correct personal data
  • Right to challenge compliance
  • Right to withdraw consent

e. Australian Privacy Act Rights (Australian Users)

  • Right to access and correct personal data
  • Right to file a complaint with the Office of the Australian Information Commissioner (OAIC)

Exercising Your Rights:

To exercise these rights, contact us at support@swimmeet.pro. We will respond within 30 days (or as required by applicable law).

Note for Swimmers/Parents: If you wish to exercise rights regarding swimmer data, please contact the meet director or team administrator who entered your information, as they are the data controller. If they are unresponsive, contact us and we will assist in facilitating your request.

9. Data Security

We implement industry-standard security measures to protect your personal data, including:

  • Encryption: TLS/SSL encryption for data in transit; AES-256 encryption for data at rest
  • Access Controls: Role-based access controls and multi-factor authentication
  • Authentication: Secure authentication via Clerk with industry-standard protocols
  • Regular Audits: Security monitoring, logging, and periodic security assessments
  • Secure APIs: Authenticated and encrypted API connections for timing system integration
  • Desktop Agent Security: Isolated operation with minimal permissions and secure data transmission
  • Backup Systems: Regular encrypted backups with secure storage
  • Incident Response: Documented security incident response procedures

Despite these measures, no system is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law.

10. Children's Privacy (COPPA Compliance)

Our service collects swimmer names, ages, and performance data for meet management purposes. This information is provided by meet directors, coaches, and team administrators who act as data controllers.

Meet Director Responsibilities:

Meet directors and team administrators who enter information about swimmers under 13 are responsible for:

  • Obtaining verifiable parental consent before entering minor swimmer information into SwimMeet Pro
  • Providing parents with notice of what information is collected and how it will be used
  • Ensuring compliance with the Children's Online Privacy Protection Act (COPPA) and applicable laws
  • Managing parental rights requests (access, deletion, etc.)
  • Maintaining records of parental consent

By using SwimMeet Pro, meet directors warrant that they have obtained all necessary parental consents.

SwimMeet Pro's Role:

SwimMeet Pro does not:

  • Directly collect personal information from children under 13
  • Market to or knowingly communicate directly with children
  • Require children to provide more information than reasonably necessary to participate in meets
  • Condition participation on disclosure of more information than necessary

SwimMeet Pro does:

  • Act as a service provider to meet directors in processing swimmer data
  • Provide tools for meet directors to manage swimmer information
  • Delete minor swimmer data upon request from the data controller

Parental Rights:

Parents have the right to:

  • Review their child's personal information
  • Request deletion of their child's information
  • Refuse further collection or use of their child's information

To exercise these rights, contact the meet director who manages your meet registration. If you need assistance, email support@swimmeet.pro.

Unauthorized Collection:

If we become aware that personal information from a child under 13 has been collected without proper parental consent, we will work with the meet director to address the issue and delete the data if required.

11. Third-Party Links & Integrations

Our service may contain links to third-party websites or integrations with external services, including USA Swimming systems, timing hardware vendors, and other swimming organizations. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before sharing your data with them.

12. Marketing Communications & Opt-Out

We may send promotional emails about our services to account holders. Users can opt out of such communications by:

  • Clicking the "unsubscribe" link in emails
  • Contacting us at support@swimmeet.pro
  • Updating preferences in account settings

Important: Transactional emails related to account management, meet operations, security updates, or service notifications cannot be opted out of as they are necessary for service operation.

We do not send marketing communications to swimmers or parents. All communications are directed to meet directors and administrators.

13. Do Not Track (DNT) & Tracking Preferences

Our website does not respond to Do Not Track (DNT) signals sent by browsers, as no industry-wide standard has been established for this feature. You can control cookies through your browser settings as described in our Cookie Policy.

14. Legal Requests & Government Access

We may disclose personal information in response to:

  • Valid legal requests, subpoenas, or court orders
  • Law enforcement or government agency requests
  • Protection of our rights, property, or safety
  • Protection of users or the public as required by law

When legally permitted, we will:

  • Notify users of such requests unless prohibited by law or court order
  • Challenge overbroad or inappropriate requests
  • Provide only the minimum information necessary to comply

We maintain records of all legal requests and disclose aggregate statistics in our transparency reports when available.

15. Data Breach Notification Policy

In the event of a data breach that affects personal information, we will:

  1. Investigate: Immediately investigate the scope and impact of the breach
  2. Contain: Take steps to contain and remediate the breach
  3. Notify: Notify affected users as required by law, typically within 72 hours of discovery
  4. Inform Controllers: Notify meet directors if swimmer data is affected so they can notify parents/guardians
  5. Report: Report to relevant authorities as required by applicable laws

Notifications will be sent via:

  • Email to registered account email addresses
  • Prominent notice on our website
  • Direct communication to meet directors for swimmer data breaches

Notifications will include:

  • Description of the breach
  • Types of data affected
  • Steps we're taking to address the breach
  • Recommended actions for affected users
  • Contact information for questions

16. Data Processing Agreements (DPAs)

We offer Data Processing Agreements (DPAs) for meet directors and organizations that require formal documentation of our data processor relationship for GDPR compliance or organizational requirements.

To request a DPA, contact us at support@swimmeet.pro. DPAs typically include:

  • Description of processing activities
  • Data security measures
  • Sub-processor information
  • Data subject rights procedures
  • Breach notification requirements
  • International data transfer mechanisms

17. User-Generated Content & Responsibility

Meet directors and team administrators are responsible for ensuring that any data they enter into SwimMeet Pro:

  • Complies with applicable laws and regulations
  • Adheres to organizational policies
  • Meets USA Swimming requirements where applicable
  • Does not include sensitive or legally restricted content beyond what is necessary for meet management
  • Has been collected with appropriate consent and authorization

Users must not enter:

  • False or fraudulent information
  • Defamatory or harassing content
  • Confidential information they're not authorized to share
  • Medical information beyond basic eligibility requirements

18. Data Portability & Export Requests

Users may request an export of their stored data in a structured format by contacting support@swimmeet.pro. We provide:

  • Meet Data Export: SDIF format for USA Swimming compliance, CSV, or JSON
  • Account Data Export: JSON format containing all account information
  • Response Time: Within 30 days of request

Meet directors can export meet data at any time through the application interface without contacting support.

19. Automated System Logs & Anonymization

We may anonymize or aggregate certain data for:

  • Analytics and service improvement
  • Security monitoring and threat detection
  • Usage statistics and reporting
  • Product development decisions

Anonymized data:

  • Does not personally identify users or swimmers
  • Cannot be re-identified
  • May be retained indefinitely for business purposes
  • Is not subject to deletion requests

20. Desktop Agent Software

Our desktop agent software runs locally on your computer to integrate with SST timing systems.

What the Agent Does:

  • Monitors timing result files stored locally by your SST timing system
  • Reads timing data from designated directories
  • Transmits race results to SwimMeet Pro servers via encrypted HTTPS connection
  • Stores minimal local logs for troubleshooting purposes (retained for 30 days)

What the Agent Does NOT Do:

  • Access files outside designated timing system directories
  • Monitor browsing activity or other applications
  • Collect personal information beyond timing data
  • Install background services that persist after uninstallation
  • Communicate with servers other than SwimMeet Pro

Agent Security:

  • Code signed with valid certificate to verify authenticity
  • Encrypted data transmission (TLS 1.3)
  • Minimal system permissions required
  • Regular security updates
  • Open audit logs available on request

Uninstallation:

The agent can be uninstalled at any time through standard operating system removal procedures. Uninstallation will:

  • Remove all agent software
  • Delete local logs
  • Stop all background processes
  • Not affect previously uploaded meet data

21. USA Swimming Compliance

SwimMeet Pro supports SDIF (Swim Data Interchange Format) compliance for USA Swimming requirements. However:

  • Meet directors are responsible for ensuring their use of the platform complies with all USA Swimming rules, regulations, and requirements
  • We provide tools to support compliance but do not guarantee compliance
  • USA Swimming sanctioning requirements are the responsibility of meet directors
  • We are not affiliated with or endorsed by USA Swimming (unless otherwise stated)

22. Banking & Tax Compliance

Billing records and transaction data may be retained for tax compliance purposes, as required by applicable laws, typically for a period of 7 years after the transaction. This data is stored securely and accessed only for:

  • Tax reporting and audits
  • Financial record-keeping
  • Dispute resolution
  • Legal compliance

23. State-Specific Privacy Rights

California (CCPA/CPRA):

California residents have additional rights including the right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA):

Residents of these states have rights similar to GDPR, including access, deletion, correction, and portability rights. Contact support@swimmeet.pro to exercise these rights.

Other States:

As additional states enact privacy laws, we will update this policy and extend applicable rights to residents of those states.

24. Changes to This Privacy Policy

We may update this policy periodically to reflect:

  • Changes in our practices
  • New legal requirements
  • Service enhancements
  • User feedback

Notification of Changes:

  • Significant changes will be notified via email to registered users
  • Prominent notice on our website for 30 days
  • Updated "Last Updated" date at the top of this policy

What Constitutes Acceptance: Continued use of the service after changes indicates acceptance of the updated policy. If you disagree with changes, discontinue use and contact us to delete your account.

25. Contact Information & Data Protection Officer

For any privacy-related inquiries, you can contact us at:

General Privacy Inquiries:

  • Email: support@swimmeet.pro
  • Mail: Bitmule Tech LLC, 46 Irving, Eugene, Oregon 97404, USA
  • Response Time: Within 30 days (or as required by law)

For Swimmer Data Inquiries: Please contact the meet director or team administrator who manages your meet registration. If they are unresponsive or you need assistance, contact us at the email above.

For EU/UK Users: If you have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.

Effective Date: January 19, 2026

Policy Version: 1.0